CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2012-3040
https://notcve.org/view.php?id=CVE-2012-3040
Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el servidor web SIMATIC S7-1200 PLCs v2.x hasta v3.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URI específicamente construida. • http://en.securitylab.ru/lab/PT-2012-50 http://osvdb.org/86130 http://secunia.com/advisories/50816 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2012-3037
https://notcve.org/view.php?id=CVE-2012-3037
The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate. El PLC siemens SIMATIC S7-1200 2.x no protege de forma adecuada la clave privada del certificado de SIMATIC CONTROLLER Certification Authority, lo que permitiría a atacantes remotos espiar el servidor Web S7-1200 usando esta clave para crear certificados falsificados. • http://en.securitylab.ru/lab/PT-2012-48 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-240718.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-263-01.pdf • CWE-295: Improper Certificate Validation •